The Financial Crimes Enforcement Network (FinCEN) issued another COVID-19 related alert for financial institutions about cyber-enabled crime and payment fraud schemes that continue to rise during the pandemic. The latest alert, issued July 30, focuses on the exploitation of remote platforms, email compromise campaigns and phishing, malware and extortion campaigns.
The advisory notes the following information should be shared across financial institutions with the following people: CEOs, COOs, chief risk officers, chief compliance/BSA officers, BSA/AML analysts/investigators, IT, cybersecurity units, fraud prevention units and legal departments. The latest alert follows an advisory posted on July 16 about the uptick in business email compromise schemes. These trends align with the uptick in overall fraud reported to financial institutions as noted in the FTC's data on COVID-19 related payment fraud reports. We break down the data in this report.
COVID-19 Related Fraud Schemes Impacting Financial Institutions
'Financial institutions can continue to play an important role in identifying, preventing, and reporting fraud schemes. FinCEN notes the importance of communication and collaboration among internal anti-money laundering and countering financing of terrorism (AML/CFT), compliance, business, fraud prevention, legal, and cybersecurity departments within financial institutions as well as with other financial institutions across the sector," FinCEN notes in its report.
Wire transfers are the main mode connected with email compromise fraud schemes, but more recently the FinCEN has observed BEC schemes fraudulently inducing funds or value transfers through other methods of payment, to include convertible virtual currency payments, automated clearing house transfers, and purchases of gift cards.
Credit card fraud has also been ramping up during the pandemic. Data from the FTC indicates that during the first 6 months of the year, 61,000 people have filed complaints related to card fraud. Over half of those complaints are related to fraudulent activity, many stemming from online shopping and vacation deals. The rise in CNP transactions and online shopping has motivated fraudsters to target vulnerable online sites. Here's how the data breaks down:
FTC COVID-19 Fraud Report Data
FinCEN is calling on financial institutions to share information related to these types of schemes as they are often connected to tracking down fraudulent transactions, money laundering, and related financial and payment fraud related crimes. In the latest alert, the organization pointed out financial institutions should be aware of the following fraud schemes:
- Targeting and exploitation of remote platforms and processes, through which malicious actors target vulnerabilities in remote applications and virtual environments to steal sensitive information, compromise financial activity and disrupt business operations.
- Phishing, malware and extortion campaigns that reference COVID-19 themes, such as CARES Act economic impact payments.
- Business email compromise scams, particularly targeting municipalities and the healthcare industry supply chain, directing victims to redirect payments to new accounts citing pandemic-related changes in business operations. Read the full last alerts from here: FinCEN Warns of COVID-19-Related Cyber Fraud, Fraud Schemes Targeting Vulnerable Business Processes
To help combat the scams that are often born out of these times of crisis — CUNA, AACUL and ABA — the organizations that serve financial institutions have been continually updating own resource pages to keep bank and credit union leaders informed. These pages are curated daily to provide the most up-to-date news and tips.
COVID-19 Scams Financial Institutions Should track
During times of uncertainty, fraudsters find new avenues to exploit. This is especially true during the COVID-19 pandemic. Below is a running list of financial scams financial institutions should be aware of during the pandemic:
- Phishing and supply scams. Scammers impersonate health organizations and businesses to gather personal and financial information or sell fake test kits, supplies, vaccines or cures for COVID-19.
- Stimulus check or economic relief scams. There are reports that the government will help to ease the economic impact of the virus by sending money by check or direct deposit. However, the government will NOT ask for a fee to receive the funds, nor will they ask for your personal or account information.
- Charity scams. Fraudsters seek donations for illegitimate or non-existent organizations.
- Delivery of malware through “virus-tracking apps” or sensationalized news reports.
- Provider scams. Scammers impersonate doctors and hospital staff and contact victim claiming to have treated a relative or friend for COVID-19 and demand payment for treatment.
- Bank/FDIC scams: Scammers impersonate FDIC or bank employees and falsely claim that banks are limiting access to deposits or that there are security issues with bank deposits.
- Investment scams often styled as “research reports,” claiming that products or services of publicly traded companies can prevent, detect, or cure COVID-19.